Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx]
+ *) Modify compression code so it frees up structures without using the
+ ex_data callbacks. This works around a problem where some applications
+ call CRYPTO_free_all_ex_data() before application exit (e.g. when
+ restarting) then use compression (e.g. SSL with compression) later.
+ This results in significant per-connection memory leaks and
+ has caused some security issues including CVE-2008-1678 and
+ CVE-2009-4355.
+ [Steve Henson]
+
*) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
connect (but not renegotiate) with servers which do not support RI.
Until RI is more widely deployed this option is enabled by default.
static int zlib_stateful_ex_idx = -1;
-static void zlib_stateful_free_ex_data(void *obj, void *item,
- CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
- {
- struct zlib_state *state = (struct zlib_state *)item;
- inflateEnd(&state->istream);
- deflateEnd(&state->ostream);
- OPENSSL_free(state);
- }
-
static int zlib_stateful_init(COMP_CTX *ctx)
{
int err;
static void zlib_stateful_finish(COMP_CTX *ctx)
{
+ struct zlib_state *state =
+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+ zlib_stateful_ex_idx);
+ inflateEnd(&state->istream);
+ deflateEnd(&state->ostream);
+ OPENSSL_free(state);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
}
if (zlib_stateful_ex_idx == -1)
zlib_stateful_ex_idx =
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
- 0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+ 0,NULL,NULL,NULL,NULL);
CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
if (zlib_stateful_ex_idx == -1)
goto err;
projects / oweals / openssl.git / commitdiff